Converting a security descriptor

J

Jan Nielsen

In a C# application I'm using the NetShareGetInfo API function to get some
information about a share.
This is working all right.

Now I want my application to be able to display the contents of the security
descriptor as well.
Using NetShareGetInfo I get a IntPtr (SECURITY_DESCRIPTOR*) to the security
descriptor. I would like to convert this into an
ActiveDs.IADsSecurityDescriptor.

I've tried the following:
ActiveDs.IADsSecurityDescriptor sd =
(ActiveDs.IADsSecurityDescriptor)securityUtility.ConvertSecurityDescriptor(pSd1,
2, 1);
but it throws an exception 0x8000500C.

Can this be done at all ? And if so, how ???

It seems like it possible to get the SD by using
IADsSecurityUtility::GetSecurityDescriptor. However as I allready have the
data from NetShareGetInfo, I would just like to convert it into a format
easier to work with.


Thanks in advace,
Jan Nielsen
 
W

Willy Denoyette [MVP]

Jan Nielsen said:
In a C# application I'm using the NetShareGetInfo API function to get some
information about a share.
This is working all right.

Now I want my application to be able to display the contents of the
security descriptor as well.
Using NetShareGetInfo I get a IntPtr (SECURITY_DESCRIPTOR*) to the
security descriptor. I would like to convert this into an
ActiveDs.IADsSecurityDescriptor.

I've tried the following:
ActiveDs.IADsSecurityDescriptor sd =
(ActiveDs.IADsSecurityDescriptor)securityUtility.ConvertSecurityDescriptor(pSd1,
2, 1);
but it throws an exception 0x8000500C.

Can this be done at all ? And if so, how ???

It seems like it possible to get the SD by using
IADsSecurityUtility::GetSecurityDescriptor. However as I allready have the
data from NetShareGetInfo, I would just like to convert it into a format
easier to work with.


Thanks in advace,
Jan Nielsen
Click to expand...

Jan,

You can't pass a raw pointer as argument to ConvertSecurityDescriptor, this
method takes a VARIANT of type byte array (VT_I1|VT_ARRAY).
So you have to marshal the SD to a byte[] with correct length.
To get the lenght of the SD call GetSecurityDescriptorLength, here's the
signature:

[DllImport("advapi32", SetLastError=true)]
internal static extern uint GetSecurityDescriptorLength(IntPtr byteArray);

uint sdLength = GetSecurityDescriptorLength(pSd1);

Now create an array with the length returned using Marshal.Copy and call
your method like this:

byte[] sdArray = new byte[sdLength];
Marshal.Copy(pSd1, buffer1, 0, (int) sdLength);
ADsSecurityUtilityClass asu = new ADsSecurityUtilityClass();
IADsSecurityDescriptor sdi =
(IADsSecurityDescriptor)asu.ConvertSecurityDescriptor(sdArray,2, 1);

As you see, you need another PInvoke call, and that's bad, there's no need
to call NetShareGetInfo, you better stick to System.DirectoryServices to get
the SD from a remote share.

Willy.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

NTFS and share permissions on a folder 1
Setting "User Cannot Change Password" Flag from ASP.NET/C# 1
Interop Woes 1
Network share permissions with WMI 2
Secruity on remote folders 3
GetAce API in VB.Net 9
Seting ntfs persmission of a remote folder with wmi from a web app 6
Taking Ownership 7

Top